CVEs from 2026

Total: 13,506
- critical: 1,178
- high: 4,304
- medium: 4,191
- low: 452

% Critical: 8.7%
% in KEV (CISA Known Exploited Vulnerabilities catalog): 0.4%
% with public exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40560 | high | 7.5 | 7.5 | 1mo ago | Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both hea… | |||
| CVE-2026-7357 | high | 7.5 | 7.5 | 1mo ago | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chro… | |||
| CVE-2026-7349 | high | 7.5 | 7.5 | 1mo ago | Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium se… | |||
| CVE-2026-7343 | high | 7.5 | 7.5 | 1mo ago | Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-7338 | high | 7.5 | 7.5 | 1mo ago | Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium securi… | |||
| CVE-2026-42423 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts | |||
| CVE-2026-41405 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion | |||
| CVE-2026-41400 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062) | |||
| CVE-2026-41399 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades | |||
| CVE-2026-41395 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering | |||
| CVE-2026-3323 | high | 7.5 | 7.5 | 1mo ago | An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes. | |||
| CVE-2026-41636 | high | 7.5 | 7.5 | 1mo ago | Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion | |||
| CVE-2026-41602 | high | 7.5 | 7.5 | 1mo ago | Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability | |||
| CVE-2026-40975 | high | 7.5 | 7.5 | 1mo ago | Spring Boot's random value property source uses a weak PRNG unsuitable for secrets | |||
| CVE-2026-40972 | high | 7.5 | 7.5 | 1mo ago | Spring Boot DevTools remote secret comparison is vulnerable to timing attacks | |||
| CVE-2026-3087 | high | 7.5 | 7.5 | 1mo ago | If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different tha… | |||
| CVE-2026-31256 | high | 7.5 | 7.5 | 1mo ago | A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream… | |||
| CVE-2026-30350 | high | 7.5 | 7.5 | 1mo ago | An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||
| CVE-2026-32688 | high | 7.5 | 7.5 | 1mo ago | Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion | |||
| CVE-2026-7040 | high | 7.5 | 7.5 | 1mo ago | Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, lead… | |||
| CVE-2026-6785 | high | 7.5 | 7.5 | 1mo ago | Important: thunderbird security update | |||
| CVE-2026-5201 | high | 7.5 | 7.5 | 1mo ago | Important: gdk-pixbuf2 security update | |||
| CVE-2026-6786 | high | 7.5 | 7.5 | 1mo ago | Important: thunderbird security update | |||
| CVE-2026-6985 | high | 7.5 | 7.5 | 1mo ago | A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation… | |||
| CVE-2026-31676 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPC… | |||
| CVE-2026-41503 | high | 7.5 | 7.5 | 1mo ago | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder… | |||
| CVE-2026-41502 | high | 7.5 | 7.5 | 1mo ago | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decod… | |||
| CVE-2026-41907 | high | 7.5 | 7.5 | 1mo ago | uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided | |||
| CVE-2026-41416 | high | 7.5 | 7.5 | 1mo ago | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymm… | |||
| CVE-2026-33666 | high | 7.5 | 7.5 | 1mo ago | Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), the setBitPosition() bounds… | |||
| CVE-2026-33662 | high | 7.5 | 7.5 | 1mo ago | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function e… | |||
| CVE-2026-33524 | high | 7.5 | 7.5 | 1mo ago | Zserio Runtime: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization | |||
| CVE-2026-42039 | high | 7.5 | 7.5 | 1mo ago | Axios: unbounded recursion in toFormData causes DoS via deeply nested request data | |||
| CVE-2026-42038 | high | 7.5 | 7.5 | 1mo ago | Axios: no_proxy bypass via IP alias allows SSRF | |||
| CVE-2026-41680 | high | 7.5 | 7.5 | 1mo ago | Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer | |||
| CVE-2026-31662 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements bc_… | |||
| CVE-2026-31640 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpc_post_response(), the code should be comparing th… | |||
| CVE-2026-31638 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpc_input_packet_on_conn() can process a to-client packet after the current cl… | |||
| CVE-2026-31635 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgk_verify_response() decodes auth_len from the packet and is supposed … | |||
| CVE-2026-31612 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2_get_ea() smb2_get_ea() reads ea_req->EaNameLength from the client request and passes it dire… | |||
| CVE-2026-31600 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as in… | |||
| CVE-2026-31598 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dio_end_io_write ocfs2_unlink takes orphan dir inode_lock first and then ip_alloc… | |||
| CVE-2026-31563 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: macb: Use dev_consume_skb_any() to free TX SKBs The napi_consume_skb() function is not intended to be called in an IRQ disab… | |||
| CVE-2026-31557 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmet_ctrl_free() flushes ctrl->async_event_work. If nvmet_ctrl_free() runs … | |||
| CVE-2026-31552 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 ("wifi: wlcore… | |||
| CVE-2026-31539 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted recv_… | |||
| CVE-2026-31538 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted recv_i… | |||
| CVE-2026-1952 | high | 7.5 | 7.5 | 1mo ago | Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. | |||
| CVE-2026-6947 | high | 7.5 | 7.5 | 1mo ago | DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-f… | |||
| CVE-2026-41317 | high | 7.5 | 7.5 | 1mo ago | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). `press.api.account.create_api_secret` is prone to CSRF-like expl… | |||
| CVE-2026-32952 | high | 7.5 | 7.5 | 1mo ago | go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out of bounds panic, which can crash a… | |||
| CVE-2026-35064 | high | 7.5 | 7.5 | 1mo ago | A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, iden… | |||
| CVE-2026-27877 | high | 7.5 | 7.5 | 1mo ago | Important: grafana security update | |||
| CVE-2026-34986 | high | 7.5 | 7.5 | 1mo ago | Important: buildah security update | |||
| CVE-2026-6732 | high | 7.5 | 7.5 | 1mo ago | A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An att… | |||
| CVE-2026-41346 | high | 7.5 | 7.5 | 1mo ago | OpenClaw: Pairing pending-request caps were enforced per channel instead of per account | |||
| CVE-2026-32210 | high | 7.5 | 7.5 | 1mo ago | Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-41259 | high | 7.5 | 7.5 | 1mo ago | Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and perfo… | |||
| CVE-2026-41205 | high | 7.5 | 7.5 | 1mo ago | Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is… | |||
| CVE-2026-6903 | high | 7.5 | 7.5 | 1mo ago | The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read… | |||
| CVE-2026-41564 | high | 7.5 | 7.5 | 1mo ago | CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X2551… | |||
| CVE-2026-41040 | high | 7.5 | 7.5 | 1mo ago | GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string. | |||
| CVE-2026-41180 | high | 7.5 | 7.5 | 1mo ago | PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart | |||
| CVE-2026-40062 | high | 7.5 | 7.5 | 1mo ago | A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system. | |||
| CVE-2026-31477 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2_lock() smb2_lock() has three error handling issues after list_del() detaches smb_l… | |||
| CVE-2026-31467 | high | 7.5 | 7.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion path in the process context (e.g. dm-verity) will directly… | |||
| CVE-2026-6857 | high | 7.5 | 7.5 | 1mo ago | camel-infinispan Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2026-6022 | high | 7.5 | 7.5 | 1mo ago | In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to… | |||
| CVE-2026-35229 | high | 7.5 | 7.5 | 1mo ago | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacke… | |||
| CVE-2026-33813 | high | 7.5 | 7.5 | 1mo ago | Parsing a WEBP image with an invalid, large size panics on 32-bit platforms. | |||
| CVE-2026-40584 | high | 7.5 | 7.5 | 1mo ago | RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web… | |||
| CVE-2026-6784 | high | 7.5 | 7.5 | 1mo ago | Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t… | |||
| CVE-2026-41039 | high | 7.5 | 7.5 | 1mo ago | This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit… | |||
| CVE-2026-6553 | high | 7.5 | 7.5 | 1mo ago | TYPO3 CMS Stores Cleartext Password in User Settings Module | |||
| CVE-2026-41254 | high | 7.5 | 7.5 | 1mo ago | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. | |||
| CVE-2026-40323 | high | 7.5 | 7.5 | 1mo ago | SP1 V6 Recursion Circuit Row-Count Binding Gap | |||
| CVE-2026-40476 | high | 7.5 | 7.5 | 1mo ago | graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation | |||
| CVE-2026-40461 | high | 7.5 | 7.5 | 2mo ago | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise. | |||
| CVE-2026-32650 | high | 7.5 | 7.5 | 2mo ago | Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database … | |||
| CVE-2026-41493 | high | 7.5 | 7.5 | 2mo ago | yard: Possible arbitrary path traversal and file access via yard server | |||
| CVE-2026-40170 | high | 7.5 | 7.5 | 2mo ago | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack bu… | |||
| CVE-2026-6351 | high | 7.5 | 7.5 | 2mo ago | MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files. | |||
| CVE-2026-5121 | high | 7.5 | 7.5 | 2mo ago | Important: libarchive security update | |||
| CVE-2026-32178 | high | 7.5 | 7.5 | 2mo ago | RHSA-2026:8475: .NET 9.0 security update (Important) | |||
| CVE-2026-26171 | high | 7.5 | 7.5 | 2mo ago | RHSA-2026:8475: .NET 9.0 security update (Important) | |||
| CVE-2026-32203 | high | 7.5 | 7.5 | 2mo ago | RHSA-2026:8475: .NET 9.0 security update (Important) | |||
| CVE-2026-33116 | high | 7.5 | 7.5 | 2mo ago | RHSA-2026:8475: .NET 9.0 security update (Important) | |||
| CVE-2026-6308 | high | 7.5 | 7.5 | 2mo ago | Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… | |||
| CVE-2026-6319 | high | 7.5 | 7.5 | 2mo ago | Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted… | |||
| CVE-2026-5088 | high | 7.5 | 7.5 | 2mo ago | Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attempt to load Crypt::URandom and then Bytes::R… | |||
| CVE-2026-23666 | high | 7.5 | 7.5 | 2mo ago | Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-22155 | high | 7.5 | 7.5 | 2mo ago | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3… | |||
| CVE-2026-5086 | high | 7.5 | 7.5 | 2mo ago | Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in tim… | |||
| CVE-2026-22566 | high | 7.5 | 7.5 | 2mo ago | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp (Version … | |||
| CVE-2026-22565 | high | 7.5 | 7.5 | 2mo ago | An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp (Versi… | |||
| CVE-2026-6231 | high | 7.5 | 7.5 | 2mo ago | The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 seq… | |||
| CVE-2026-31417 | high | 7.5 | 7.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that `x25_sock.fraglen` does not overflow. The `fraglen` a… | |||
| CVE-2026-40436 | high | 7.5 | 7.5 | 2mo ago | The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attac… | |||
| CVE-2026-1519 | high | 7.5 | 7.5 | 2mo ago | RHSA-2026:8352: bind security update (Important) | |||
| CVE-2026-40180 | high | 7.5 | 7.5 | 2mo ago | quarkus-openapi-generator extension has Zip Slip Path Traversal in ApicurioCodegenWrapper class |
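The Starman row in the table above describes a header-precedence bug: when a request carries both Content-Length and Transfer-Encoding: chunked, the server frames the body by Content-Length, whereas RFC 9112 section 6.3 says Transfer-Encoding overrides Content-Length and that such a request ought to be treated as an error. The Python below is an added example, not Starman's code or any project's: it frames one constructed request stream three ways (strict rejection, Transfer-Encoding first, Content-Length first) so the extra request a CL-first parser manufactures becomes visible. The host app.internal and the /search and /admin paths are invented for the example.

```python
import re

CRLF = b"\r\n"
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/1\.[01]$")


class FramingError(ValueError):
    """Ambiguous or malformed message framing."""


def parse_head(data: bytes):
    """Split one request head off `data`: (request_line, headers, body_offset), or None if incomplete."""
    end = data.find(b"\r\n\r\n")
    if end == -1:
        return None
    lines = data[:end].decode("latin-1").split("\r\n")
    if not REQUEST_LINE.match(lines[0]):
        raise FramingError(f"bad request line: {lines[0]!r}")
    headers = {}  # lower-cased name -> list of values, so duplicate headers stay visible
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise FramingError(f"bad header line: {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, end + 4


def chunked_body_end(data: bytes, pos: int) -> int:
    """Offset just past a chunked body that starts at `pos`."""
    while True:
        line_end = data.find(CRLF, pos)
        if line_end == -1:
            raise FramingError("truncated chunk-size line")
        size = int(data[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            if data[pos:pos + 2] == CRLF:  # empty trailer section
                return pos + 2
            trailer_end = data.find(b"\r\n\r\n", pos)
            if trailer_end == -1:
                raise FramingError("truncated trailers")
            return trailer_end + 4
        if data[pos + size:pos + size + 2] != CRLF:
            raise FramingError("chunk data not followed by CRLF")
        pos += size + 2


def body_end(headers: dict, data: bytes, start: int, mode: str) -> int:
    """Message-length rules of RFC 9112 section 6.3.
    "strict": reject a message carrying both framing headers; "te-first":
    Transfer-Encoding overrides Content-Length (the RFC rule); "cl-first":
    Content-Length wins, i.e. the precedence bug class, kept only for contrast.
    """
    te = headers.get("transfer-encoding", [])
    cl = headers.get("content-length", [])
    if te and cl and mode == "strict":
        raise FramingError("Transfer-Encoding and Content-Length both present")
    if len(set(cl)) > 1:
        raise FramingError("conflicting Content-Length values")
    if te and not (cl and mode == "cl-first"):
        if te[-1].lower() != "chunked":
            raise FramingError("final transfer coding must be chunked")
        return chunked_body_end(data, start)
    if cl:
        length = int(cl[0])
        if length < 0 or start + length > len(data):
            raise FramingError("Content-Length exceeds available data")
        return start + length
    return start  # no body


def split_stream(stream: bytes, mode: str):
    """Frame every request in `stream`; returns (request_lines, unconsumed_bytes, error).
    Parsing stops at the first framing error so the leftover bytes, which a peer
    applying the other precedence would consume as a request, are returned.
    """
    seen, data, error = [], stream, None
    while data:
        data = data.lstrip(b"\r\n")  # RFC 9112 section 2.2: skip empty lines before a request-line
        if not data:
            break
        try:
            head = parse_head(data)
            if head is None:
                break
            request_line, headers, start = head
            end = body_end(headers, data, start, mode)
        except FramingError as exc:
            error = str(exc)
            break
        seen.append(request_line)
        data = data[end:]
    return seen, data, error


# Constructed TE.CL request, not a real capture: the chunk-size line is exactly the
# four bytes Content-Length claims, so a CL-first parser stops there and reads the
# chunk payload as a second, attacker-chosen request.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: app.internal\r\n\r\n"
ATTACK = (
    b"POST /search HTTP/1.1\r\nHost: app.internal\r\n"
    b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
    + f"{len(SMUGGLED):x}\r\n".encode() + SMUGGLED + b"\r\n0\r\n\r\n"
)
```

Run `split_stream(ATTACK, mode)` for each mode: "te-first" consumes the whole stream as one POST, "cl-first" yields a POST followed by a GET /admin that the sender never issued as a separate request, and "strict" refuses the message outright, which is the behaviour a server or reverse proxy should adopt.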
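Two rows above are path-containment failures on untrusted names: shutil.unpack_archive extracting a ZIP member whose name is an absolute Windows path with a drive letter outside the target directory, and Mako's TemplateLookup.get_template() traversing when a URI starts with //. The Python below is an added example, not code from CPython, Mako or any project: one containment check for archive member names or template URIs that rejects any leading slash (posixpath.normpath keeps a leading // rather than collapsing it, so a // prefix can survive a normalisation-based check), rejects drive prefixes on any host OS, and resolves .. segments without ever letting them climb above the base. The member names in SAMPLE_MEMBERS and the base /srv/extract are constructed.

```python
import ntpath
import posixpath


class UnsafePath(ValueError):
    """The untrusted name would resolve outside the intended base directory."""


def safe_relative_parts(name: str) -> list:
    """Validate an archive member name or template URI and return its clean segments."""
    # Treat backslashes as separators: ZIPs written on Windows carry them, and a
    # Windows host honours them even if the reader only looked for '/'.
    normalised = name.replace("\\", "/")
    # Any leading slash is absolute; this also covers UNC names ("//server/share/x").
    # Note posixpath.normpath("//../x") == "//x": a leading '//' is preserved, so
    # normalising first does not make such a name safe.
    if normalised.startswith("/"):
        raise UnsafePath("absolute path")
    # "C:/x" and drive-relative "C:x" are absolute on Windows regardless of where
    # this check runs, so use ntpath unconditionally.
    drive, _ = ntpath.splitdrive(normalised)
    if drive:
        raise UnsafePath(f"drive or UNC prefix {drive!r}")
    parts = []
    for segment in normalised.split("/"):
        if segment in ("", "."):
            continue  # collapse '//' and './' without touching the filesystem
        if segment == "..":
            if not parts:
                raise UnsafePath("'..' climbs above the base directory")
            parts.pop()
        else:
            parts.append(segment)
    return parts


def safe_join(base: str, name: str) -> str:
    """Join `name` under `base`, or raise UnsafePath."""
    parts = safe_relative_parts(name)
    return posixpath.join(base, *parts) if parts else base


def vet_members(base: str, names) -> tuple:
    """Split untrusted names into {name: resolved path} and {name: rejection reason}."""
    accepted, rejected = {}, {}
    for name in names:
        try:
            accepted[name] = safe_join(base, name)
        except UnsafePath as exc:
            rejected[name] = str(exc)
    return accepted, rejected


# Constructed member names, including the two shapes from the table rows above.
SAMPLE_MEMBERS = [
    "docs/README.md",
    "docs/../LICENSE",
    "a//b/./c.txt",
    "C:\\Windows\\Tasks\\evil.job",     # absolute Windows path with drive letter
    "//../../../secret.txt",            # '//'-prefixed traversal
    "\\\\server\\share\\payload.dll",   # UNC path
    "../escape.txt",
    "/etc/passwd",
]
```

Calling `vet_members("/srv/extract", SAMPLE_MEMBERS)` accepts the first three names (with `docs/../LICENSE` collapsing to `/srv/extract/LICENSE`) and rejects the remaining five with a reason each; wiring `safe_join` in front of an extraction loop or template loader means the filesystem is only touched with a path already proven to sit under the base.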